<?php   
	include('db.php');
	$tbl_name="Users"; // Table name **needs to be edited with the name of the table containing our usernames and passwords

	// Connect to server and select databse.
	mysql_connect($HOST, $USER, $PASS)or die("cannot connect");
	mysql_select_db("$DB")or die("cannot select DB");
	
	// Define $myusername
	$myusername=$_POST['login'];

	// To protect MySQL injection (more detail about MySQL injection)
	$myusername = stripslashes($myusername);
	$myusername = mysql_real_escape_string($myusername);
	$sql="SELECT question FROM $tbl_name WHERE login='$myusername'";
	$result=mysql_query($sql);
	$question = $result ? mysql_result( $result, 0 ) : mysql_error() ; 


echo '<form action="security.php" method="post" enctype="multipart/form-data" name="askQuestion" target="_parent">';
	  echo '<h3>Answer the security question: </h3><br />';
	  echo "$question" . '?<br/>';
          echo '<input name="answer" style="width: 90%; " type="text" /></p>';
	  echo '<input name="login" type="hidden" value="' . $myusername . '" />';
          echo '<input name="submit" type="Submit" value="Submit" />';
    echo '</form>';
?>
